Uwe described the permitted RDN types and what can be done in
-
Hello @hansjoachimknobloch and @PCcunha. I also stumbled across this issue and initially had the idea to write a routine to encode the Subject DN in ASN.1 and then put it into the "RawName" property. But I fear when I read the Microsoft documentation that this will not work:
So I fear we have hit the limit of what can be achieved with AD CS. But we could solve the initial issue with some caveats:
-
So, long story short: I need to add a custom Subject field with OID 0.9.2342.19200300.100.1.1 to a certificate template and map it to a custom AD field.
The custom AD field is easy to add, just put the field in the static list with the others. I will try to implement this logic in an automated way in the future to parse the configuration files' "ad" fields and only query the Active Directory for those fields in use, and make it possible to dynamically use custom fields. Halfway done.
I thought...
Then I tried adding the custom information to the rdntypes lists, but it turns out that the ICertServerPolicy::SetCertificateProperty method does not allow the usage of a custom field.
I haven't managed to bypass this issue with any other available "easy" methods. Maybe the way is to write the full ASN.1 part and embed it directly in the request.
The documentation by Microsoft is also far from ideal...
Any ideas?
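For reference, this is what "writing the full ASN.1 part" of a Subject DN containing OID 0.9.2342.19200300.100.1.1 amounts to, as an added example that is not code from this thread or from the project. It only produces the DER bytes of an X.501 Name and says nothing about whether AD CS will accept them; the sample values, the function names and the choice of UTF8String for every attribute value are assumptions.

```python
# Added illustration: minimal DER encoder for an X.501 Name
# (SEQUENCE OF RDN, RDN = SET OF SEQUENCE { OID, value }).
# Assumption: every attribute value is encoded as UTF8String.
UTF8_STRING, OID, SEQUENCE, SET = 0x0C, 0x06, 0x30, 0x31

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    """Tag, length, value for single-byte tags."""
    return bytes([tag]) + der_len(len(content)) + content

def encode_oid(dotted):
    """Encode a dotted OID; the first two arcs share one subidentifier."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]              # last byte has the high bit clear
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))  # continuation bytes
            arc >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(OID, bytes(out))

def encode_rdn(oid, value):
    """One single-valued RDN: SET { SEQUENCE { type, value } }."""
    atv = encode_oid(oid) + der_tlv(UTF8_STRING, value.encode("utf-8"))
    return der_tlv(SET, der_tlv(SEQUENCE, atv))

def encode_name(rdns):
    """Name as a SEQUENCE of RDNs, in the order given."""
    return der_tlv(SEQUENCE, b"".join(encode_rdn(o, v) for o, v in rdns))

# Constructed sample subject: the custom OID from the thread plus a CN (2.5.4.3).
SAMPLE_SUBJECT = [("0.9.2342.19200300.100.1.1", "jdoe"), ("2.5.4.3", "John Doe")]

if __name__ == "__main__":
    print(encode_name(SAMPLE_SUBJECT).hex())
```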